Moritz Muehlenhoff
2006-Jan-09 14:23 UTC
[Secure-testing-commits] r3247 - in data: CVE DSA
Author: jmm-guest Date: 2006-01-09 14:22:55 +0000 (Mon, 09 Jan 2006) New Revision: 3247 Modified: data/CVE/list data/DSA/list Log: two new DSAs for pound and smstools kernel updates corrected hylafax fix fuse fixed Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-01-08 09:14:19 UTC (rev 3246) +++ data/CVE/list 2006-01-09 14:22:55 UTC (rev 3247) @@ -1,3 +1,6 @@ +CVE-2006-0083 [smstools logging format string issue] + {CVE-2006-0083} + - smstools <unfixed> CVE-2006-0106 [wine SETABORTPROC code execution via WMF] {CVE-2005-4560} - wine <unfixed> (bug #346197; medium) @@ -2437,8 +2440,9 @@ CVE-2005-3661 (Dell TrueMobile 2300 Wireless Broadband Router running firmware ...) NOT-FOR-US: Dell hardware issue CVE-2005-3660 (Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service ...) - - linux-2.6 <unfixed> - - kernel-source-2.4.27 <unfixed> + - linux-2.6 <unfixed> (low) + - kernel-source-2.4.27 <unfixed> (low) + NOTE: Really hard to fix design limitation, no fix to be expected soon CVE-2005-3659 RESERVED CVE-2005-3658 @@ -2683,11 +2687,13 @@ NOT-FOR-US: Tonio Gallery CVE-2005-3541 RESERVED -CVE-2005-3540 +CVE-2005-3540 [buffer overflow in petris] RESERVED + - petris <unfixed> CVE-2005-3539 [hylafax notify missing input sanitising] RESERVED - - hylafax 2:4.2.4-1 + - hylafax 2:4.2.4-2 + NOTE: First patch had regressions CVE-2005-3538 [hylafax hfaxd PAM breakage] RESERVED - hylafax 2:4.2.4-1 @@ -2710,7 +2716,7 @@ {DSA-917-1} - courier 0.47-12 (bug #211920; medium) CVE-2005-3531 (fusermount in FUSE before 2.4.1, if installed setuid root, allows ...) - - fuse <unfixed> (bug #340398; medium) + - fuse 2.4.1-0.1 (bug #340398; medium) CVE-2005-3530 (Cross-site scripting (XSS) vulnerability in Antville 1.1 allows remote ...) NOT-FOR-US: Antville CVE-2005-3529 (tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows ...) 
@@ -17999,7 +18005,7 @@ {DSA-510} - jftpgw 0.13.4-1 CVE-2004-0447 (Unknown vulnerability in Linux before 2.4.26 for IA64 allows local ...) - NOTE: fixed in linux 2.4.26 + - kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26) CVE-2004-0446 RESERVED CVE-2004-0445 (The SYMDNS.SYS driver in Symantec Norton Internet Security and ...) Modified: data/DSA/list ==================================================================--- data/DSA/list 2006-01-08 09:14:19 UTC (rev 3246) +++ data/DSA/list 2006-01-09 14:22:55 UTC (rev 3247) @@ -1,3 +1,9 @@ +[09 Jan 2006] DSA-930-1 smstools - format string error + {CVE-2006-0083} + [sarge] - smstools 1.14.8-1sarge0 +[09 Jan 2006] DSA-929-1 petris - buffer overflow + {CVE-2005-3540} + [sarge] - petris 1.0.1-4sarge0 [27 Dec 2005] DSA-928-1 dhis-tools-dns - insecure temporary file {CVE-2005-3341} [sarge] - dhis-tools-dns 5.0-3sarge1
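Review bot: In the first data/CVE/list hunk (@@ -1,3 +1,6 @@), the new CVE-2006-0083 entry cross-references itself with {CVE-2006-0083}. Other entries in this file use the braces for a different identifier ({CVE-2005-4560} under CVE-2006-0106, {DSA-917-1}, {DSA-510}), so this looks like it was meant to be {DSA-930-1}, which the same commit adds to data/DSA/list. The "- smstools <unfixed>" line also has no bug number or urgency, unlike "- wine <unfixed> (bug #346197; medium)" directly below it.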
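Review bot: In the data/CVE/list hunk at @@ -2683,11 +2687,13 @@, CVE-2005-3540 gains "- petris <unfixed>" with no bug reference or urgency and no pointer to DSA-929-1, although that DSA is added for sarge in this same commit. Suggest adding the tracking bug and urgency in the form the fuse entry uses, "(bug #340398; medium)", so the open unstable status can be followed up. In the same hunk, CVE-2005-3539 moves to hylafax 2:4.2.4-2 because the first patch had regressions, while CVE-2005-3538 stays at 2:4.2.4-1; a short NOTE confirming that 2:4.2.4-1 is still correct for CVE-2005-3538 would help the next reader.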
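Review bot: The log message announces new DSAs for "pound and smstools", but the data/DSA/list hunk (@@ -1,3 +1,9 @@) adds DSA-929-1 for petris and DSA-930-1 for smstools, and no line in the patch mentions pound. Either the log should name petris, or a pound entry is missing from this commit.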